{%- if grains['role'] == 'so-eval' -%}
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
{%- else %}
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
{%- endif %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}

output {
  if [module] =~ "logscan" {
    elasticsearch {
      id => "logscan_pipeline"
      pipeline => "logscan.alert"
      hosts => "{{ ES }}"
    {% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
      user => "{{ ES_USER }}"
      password => "{{ ES_PASS }}"
    {% endif %}
      index => "so-logscan"
      template_name => "so-common"
      template => "/templates/so-common-template.json"
      template_overwrite => true
      ssl => true
      ssl_certificate_verification => false
    }
  }
}
